
Some Very Good Books in the Information Security Industry


http://bbs.byr.cn/#!article/Focus/45726

Posted by: RSA (RSA), Board: Security

Title: Some Very Good Books in the Information Security Industry
Posted from: BYR Forum (Thu Mar 1 12:25:17 2012), on-site

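A Practical Guide to Federal Enterprise Architecture.pdf A book on the FEA architecture; the content is good, but unfortunately it is not very applicable to enterprises and fits the structure of our country's government-affairs network better;
A Supply Chain Management Guide To BCP.pdf Looks at BCP from another angle; broadens your knowledge;
Adaptive Security Management Architecture.pdf A book introducing security management architecture (ESA), but the thinking is dated; not recommended;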

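Agile.IT.Security.Implementation.Methodology.Nov.2011.pdf Written by several IBM researchers; it counts as a new approach, but it is not suited to agile development (Agile), and the overall system of ideas is still rather unpolished;
Auerbach.Complete.Guide.to.CISM.Certification.Dec.2006.pdf An older CISM textbook, but the content is good and worth studying;
Auerbach.Publications.Official.ISC.2.Guide.to.the.CISSP-ISSEP.CBK.eBook.pdf ISSEP CBK; worth studying carefully;
BCM-Building an Effective Incident Management Plan.pdf Explains BCM from the incident angle in considerable detail and depth; the many case studies in it are well worth consulting;
BackTrack 4_Assuring_Security_by_Penetration_Testing_2011.rar Haven't read it yet;
BackTrack.5.Wireless.Penetration.Testing.Beginners.Guide.rar Content is average;
Build.Your.Own.Security.Lab.rar A Metasploit book; worth a look for learning;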
CISA_Review_Manual_2011.pdf
CISM Review Questions, Answers & Explanations Manual 2009.pdf
CISSP Practice Exams - Book.pdf
CISSP Questions, Answers & Explanations.pdf
CPA_Exam_Review_2011.rar
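CRC.Press.Building.an.Effective.Information.Security.Policy.Architecture.pdf A book on how to write security policies and rules; the process is described in fair detail, but the content is not incisive enough;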
Cisco Switching Black Book.pdf
Cisco.Security.Little.Black.Book.eBook-EEn.pdf
Computer Forensics Investigating Data and Image Files.pdf A very good forensic analysis book; recommended;
Computer Forensics for Dummies.pdf
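Computer and Information Security Handbook.rar Similar to Information Security Engineering; the content is very broad and sprawling; a book for broadening your knowledge, but not deep;
Defining Incident Management Processes for CSIRTs A Work in Progress.pdf Official CERT guide; a textbook;
EC Council - ECSA-LPT Training V 4.0.pdf Official EC-Council ECSA courseware; content is average; not recommended;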
ECSAv4-LPTv4 Instructor slides.rar
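EMC Cloud Computing Security Overview.rar EMC's cloud security training material; a simple introduction;
Elsevier_Security_Risk_Management_2011.pdf A good book that explains information security management pragmatically; highly recommended;
Enterprise Risk Management Best Practices.pdf A decent book, but it is about COSO/ERM, is not aimed at information security and is not close to it either; still, the book itself is good;
Expert.Oracle.and.Java.Security.pdf A book on Oracle and related development security; good content, especially worth studying for beginners;
Fundamentals of Project Management.pdf A project management book; content is average and entry level; studying the Sybex PMP review is better;
Gray Hat Python.pdf A book of advanced Python material, focused on reverse engineering and program debugging; experienced reversers and Python enthusiasts can take a look;
HACKING EXPOSED MALWARE AND ROOTKITS- Malware and Rootkits Secrets and SolutionsHACKING EXPOSED MALWARE AND ROOTKITS- Malware and Rootkits Secrets and Solutions.pdf From the Hacking Exposed series, covering rootkits; a good reference for incident handling & forensics;
Hackers Heroes of the Computer Revolution - 25th Anniversary Edition.pdf A history book;
Hackers.and.Painters.pdf Another history book; the content is okay;
Hacking Exposed Computer Forensics Secrets & Solutions, Second Edition - Aaron Philipp.pdf Hacking Exposed on forensics; good content;
Hacking Exposed Web Applications 3rd.pdf Web security, third edition, from 2011 I think; very good content, one of the best of its kind;
Handbook for Computer Security Incident Response Teams (CSIRTs).pdf CERT textbook;
How to Achieve 27001.pdf A book on building toward 27001 certification, though most of it is really about compliance management; you are better off reading Building.an.Effective.Information.Security.Policy.Architecture and the CISO Handbook;
How to Prepare Business Cases.pdf Supplementary material on how to write a business case; any competent manager or PM should read it;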
Human Resource Management fundamentals.pdf
ISACA CISA Exam Review 2011.rar
ISC Official Guide to CISSP Exam.rar CISSP OIG v2;
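Incident Management Capability Metrics Version 0.1_07tr008.pdf CERT textbook on incident management metrics;
Incident Response and Computer Forensics.pdf Another book on incidents and forensics; recommended;
Information Security Governace 2008.pdf Information security governance and management; good, very concise content; those building a security management system for the first time can use it as a reference;
Information Security Harmonisation.pdf A short read comparing a range of information security management and governance standards;
Information Security and Cryptography.pdf A cryptography textbook; the content is conventional but quite detailed, though it is less readable than the RSA trio;
Metasploit_The_Penetration_Tester's_Guide_2011.rar A Metasploit book; this one's content is pretty good;
Mind Tools_Practical Thinking Skills for an Excellent Life_2007.pdf Management tools and skills training; every professional should study it; highly recommended;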
Moving_from_Project_Management_to_Project_Leadership.pdf
Network-Infrastructure-Security.pdf
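Network.Security.Bible.Jan.2005.pdf The first chapter is okay; the rest is average;
Ninja Hacking - Unconventional Penetration Testing - T. Wilhelm, et al., (Syngress, 2011).pdf A very offbeat book... anyway, it is just very offbeat, but the content is too pretentious and insubstantial; not recommended;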
No-Drama.Project.Management.pdf
No.Starch.Practical.Packet.Analysis.2nd.Edition.Jun.2011.pdf A practical, honest network protocol analysis book; recommended;
O'Reilly - Hardening Cisco Routers.rar
O'Reilly - Programming Python (Fourth Edition).pdf
O-ESA.pdf
Offensive.Security.Collection.rar Offensive's security series collection;
Offensve Security WiFu Training.rar Offensive's Wi-Fi training, mainly covering BackTrack; good content;
Official ISC2 Guide to The ISSAP CBK.pdf ISSAP CBK;
Oracle_LiveResponse.pdf
PKI_Implementing_and_Managing_E-Security.pdf RSA's PKI classic; worth studying;
PMBOK2008cn.pdf
PMP_Exam_Prep_6th_Edition.pdf
PMP_Project_Management_Professional_Exam_Review_Guide.pdf The three preceding books are classic PMP textbooks, worth studying for anyone who wants to go far;
PassGuide CISM V3.21.pdf
Penetration Testing and Vulnerability Analysis Class.rar
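Practical Enterprise Risk Management A Business Process Approach.pdf Another book on ERM; not much to do with information security, but the content is good;
Practical Oracle Security.pdf An Oracle security book; the content is very good; can be read together with the earlier Oracle & Java one;
Presentation Secret.pdf Jobs's presentation techniques; highly recommended and worth studying;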
Project Management 5ed -The Managerial Process.pdf
Project_Management_A_Complete_Guide.pdf A PMP book; not as good as the previous two; not recommended;
Python Standard Library.pdf
RSA_Securitys_Official_Guide_to_Cryptography.pdf The classic on RSA encryption; recommended;
SANS_GCIA_503_Intrusion_Detection.rar
SANS_SEC531.pdf
Sams.VBScript.WMI.and.ADSI.Unleashed.May.2007.pdf
Security Planning Using Zachman Framework for Enterprises.pdf
Security Policies and Implementing Identify Management with AD.pdf A book on building IDM with AD; content is average;
Security for Microsoft Administrator.rar Windows security; basic content; not suitable for people doing security services;
Security Monitoring.rar A book on security log analysis;
Sockets, Shellcode, Porting, & Coding, RE.rar A long-established classic shellcode textbook;
Syngress - Business Continuity and Disaster Recovery Planning for IT Professionals.pdf A very comprehensive BCP book, weighted toward IT BCP/DRP; highly recommended;
Syngress - Hack Proofing Your Network (2nd Edition).pdf
Syngress Security for Microsoft Windows System Administrators(2010).pdf
Syngress Wireshark and Ethereal Network Protocol Analyzer Toolkit(2006).pdf Another Wireshark book; the content is also good; can be read together with the earlier one;
Syngress Writing Security Tools and Exploits(2006).pdf
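The Mac Hacker's Handbook.pdf OS X exploit development;
The Official CHFI Study Guide 2007.pdf Official CHFI v4 courseware on forensics; classic content; can serve as a main textbook;
The_CISO_Handbook.pdf CISO Handbook, information security management; it may differ greatly for different people;
Wiley.Security.Engineering.2nd.Edition.Apr.2008.pdf A classic textbook for broadening your horizons; the content is sprawling; can serve as supplementary reading for CISSP;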
Write Great Code.rar
Writing Exploits Tuts from Corelan Team.rar
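cisa_study_guide_2011_Sybex_3rd.rar Sybex's CISA exam-prep book; much better organized than the CRM; recommended as a replacement for the CISA Review Manual;
crc press - cyber crime investigator's field guide.pdf An older forensics book, recommended as supplementary material in the CISSP ISSxP CIB, but the content is average;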
designing-security-architecture-solutions.pdf
ence_v6_study_guide.pdf Training courseware for the EnCase certification;
iOS Forensic Analysis for iPhone, iPad and iPod Touch.pdf
incident-handlers-handbook.pdf
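nmap-cookbook-the-fat-free-guide-to-network-scanning.pdf A pocket manual for nmap; fine for quick lookup, but generally you won't need it;
syngress - Eleventh Hour CISSP Study Guide.pdf A good CISSP book, suited to a quick pre-exam review to recall the key points;
togaf_v9.pdf TOGAF white paper;
windows_internal_5ed.pdf Classic Windows material;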
Volonino - Computer Forensics for Dummies (Wiley, 2008).pdf
Syngress.Penetration.Testers.Open.Source.Toolkit.3rd.Edition.Aug.2011
Syngress SQL Injection Attacks and Defense.pdf
Managing Successful Projects with Prince2

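The above are mainly on Penetration, Forensics and Security Management.
I hope this can serve as a reference for younger students who want to go into information security; of course, seniors already working in the security industry can also take a look when they have time.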
